Kevin Almansa

Kevin Almansa

MSc Graduate with a passion and curiosity for Computer Security.

Nmap Commands

less than 1 minute read

This post covers basic Nmap commands for Intelligence Gathering using active techniques and passive techniques in conjunction with Metasploit.

Basic arguments such as OS Detection, Port Ranges, etc. are ommited.

Network Discovery

Simple List

nmap -sL 192.168.56.0/24

Ping Scan

nmap -sn 192.168.56.0/24

Port Scan

Basic Port Scan

nmap 192.168.56.101

nmap -sV 192.168.56.101

Aggressive (runs default scripts too)

will set off IDS/IPS

nmap -A 192.168.56.101

Dont ping to determine if alive

nmap -sP 192.168.56.101

Syn Scan

nmap -sS 192.168.56.101

Idle Scanning

If we can predict the IP ID of an idle host, we can use it as a zombie. Idle Incremental IP ID Discovery:

msfconsole> use auxiliary/scanner/ip/ipidseq
msfconsole> show options

Set RHOSTS and THREADS When you found an Incremental host, use it with nmap:

nmap -PN -sI <ip of found host> 190.168.56.101

Scripts

Locate scripts

ls /usr/share/nmap/scripts/

Update Script Database

nmap --script-updatedb

Run Default Scripts

nmap -sC 192.168.56.101 -p <port>

Script Information

nmap --script-help=<script name>

Specific script

nmap --script=<script name> -p <port>

Leave a Comment

You May Also Enjoy

IPTables

7 minute read

This post is created to both introduce and serve as a reference to the Linux firewall IPTables.

Protostar Stack Write-up

17 minute read

This post will be the first part in a series of write-ups for Protostar’s challenges.

DLL Proxying

8 minute read

This post will be the first part in a series on DLL Security covering topics such as DLL Proxying, DLL Injection, and IAT Hooking.